Linux > More on USER ID, Password, and Group management

byVivek GiteonMarch 23, 2005

In order login into Linux system (over ssh or other services ) you need a username and password. Username and password stored in /etc/passwd and /etc/shadow file respectively. When you supplies password, it encrypts and compare with password stored in /etc/shadow, which is also in, encrypted format (it was stored when you or system administrator registers/updates it). If both are equal, you are in. Once logged in, you become the number to Linux kernel. You can obtain your user id and other information using id command:

It is always good idea to use the UID more than 1000 for all users for security reason.

Zero UID

The UID number 0 is special and used by the root user. The zero (0) UID enjoys the unrestricted/unlimited access to Linux system. Note that 0 UID assigned to name root; if you wish you can change this (poorly written program may fail) and assign different name.

Similarly, you have group id (GID). It is use by Linux to refer group names. Single user can be member of multiple groups. This result into very good flexibility for access the system and the sharing files. Many UNIX system uses wheel group as power user group. Like the UID value, zero GID value zero enjoys the unrestricted/unlimited access to Linux system.

Some time Linux and other UNIX like (FreeBSD, Solaris etc) uses EUID, RUID, and SUID concept.

The Effective User ID (EUID)

It is use to determine what level of access the current process has. When EUID is zero then the process has unrestricted/unlimited access. Following commands can be used to print Effective User ID under Linux:$ whoami $ id -un

The Real User ID (RUID):

It is use to identify who you actually are. Once it is setup by system (usually login program) it cannot be change till your session terminates. You cannot change your RUID. Only root (or person having zero UID) can change the RUID. Use the command id as follows to obtain Real user ID:$ id –ru

The Saved User ID (SUID):

When new process / executable file such as passwd, started the effective user id that is in force at the time is copied to the saved user id. Because of this feature, you are able to update your own password stored in /etc/shadow file. Off course, executable file must have set-user-id bit on in order to setuid (system call). Before process ending itself it switches back to SUID.

In short,

RUID : Identify the real user, normal user cannot change it.

EUID : Decides access level, normal user can change it.

SUID : Saves the EUID, normal user cannot change it.

Real Group ID : Identify the real group

Effective Group ID and Supplementary group ID : Decides access level

Note that access level means kernel can determine whether you have access to devices, files etc.

off-course, u may inter your computer, for this, u have to take some step. 1. at first ,before starting booting Linux flavor just press up arrow key 2.for going interactive mode press e,then 1 and press b 3.after this u will be on interactive mode then u may change your password, as #Passwd root then ask enter password…. when u got successfully change your password then #Init 5 after that you are able to access system.

Hello! EveryOne, I have also few queries. Please find it below- 1. Can we change uid of root user? 2. Can we set a normal user’s uid as 0? 3. If anyone trying to access my computer, How can I get log-in information of my system on my e-mail or mobile?

1. Yes, but why? usermod -ou root 2. Yes, but why? usermod -ou 0 3. That will depend on how you have your box set up. Someone could always disconnect your system while using it. A more certain manner though would be to have the time/date, etc spooled for later sending or reading once your home. Do you mean trying to access it remotely or from the console.

What is the Linux command for this? In windowsDOS I enter “Net user ecmadmin /DOMAIN” it returns the following The request will be processed at a domain controller for domain silver.com User name ecmadmin Full name ecmadmin Comments O: Moore, John (N57498) B: Galper, Michael (C44610)

What is the Linux command for this? In windowsDOS I enter “Net user ecmadmin /DOMAIN” it returns the following The request will be processed at a domain controller for domain silver.com User name ecmadmin Full name ecmadmin Comments O: Moore, John (N57498) B: Galper, Michael (C44610)